Hackers: Data Picking for Profit

Blog Post Top

Years ago I fell victim to fraud. It was around 1999 and I was residing in a hip, desirable borough of Boston known as Allston-Brighton on a very safe street with many trustworthy and caring neighbors. I was enjoying a busy career  at a fast climbing start-up company and not really worrying about threats against my privacy or my security. One day I discovered over $400 missing from my checking account. It was just gone. Keep in mind that at the time of this discovery I was a single professional making decent money but when that amount of money just drops out of your wallet, with no explanation or warning, it is very traumatic and extremely concerning. After much investigation, repeated phone calls back and forth with my bank, interviews with security companies and conversations with the police, it was concluded that my bank account information had been stolen  – most likely directly from a document in my trash container outside my apartment building. I was told that the suspected party had sifted through the waste and found my numbers either on a check or bank statement which was innocently but unfortunately tossed away for them to easily find. They lifted the information to sell it to “organized criminals” for profit. Investigators advised me (remember we’re back in 1999) that organized crime will often recruit people – drug addicts, homeless people, drifters and sometimes college students (Boston being a big college town) to “pick trash” to find old checks, personal mail, and other documentation that could open doors into ones private, personal and financial life. They told me that they had withdrawn $300-500 from at least 200 individuals in the New England area in a one week period, quickly closed up operations and moved on to strike unexpectedly from another location.

Remembering this experience still makes me cringe but also prompts me to make comparisons in my head to events that have been uncomfortably common in our daily lives. Back in 1999
things were obviously much less sophisticated technologically – but the “trash picking thieves” of yesterday have grown up and moved with the times and now use the tools that are readily available to aid their thievery. The kind of trash they pick – the information they desire – is the same but it is handled by us and them much differently. In today’s world we never think of it as trash once it is discovered missing even though we may have handled it just as carelessly. These pickers, thieves, criminals, opportunists no longer need to sneak around in the back alleys of average neighborhood U.S.A. and shift through garbage to get what they want. They can do it in broad daylight while kicking back on a laptop sipping at a cup of coffee – all while making a good living. They are profiting because they are – and always will be –  catering to those who are paying and paying big. There is much more to choose from in today’s figurative trash bin that we may or may not even realize is left behind to be so vulnerable.

hands-on-keyboardBillions and billions of private keys, passwords, account numbers and unique personal identifications is available for the taking and valuable to the criminals waiting to exploit. I sit sometimes desensitized by the amount of news regarding this week’s new hack, exploit and attack and begin to reflect about the who, why and what is behind the breaking and entering into to our “homes” and the selling our precious data. Once the pickers have filled their pockets what is the next step? What are hey getting out of this? Who are the ones running the show? I have been reading a lot more recently about the big business of cyber thievery and it has left me looking at my online life much differently.

The pickers of today – known more formally as “hackers” – are smart, technologically savvy individuals who pick and choose their targets based on a whole new set of information and parameters. They spend time to figure out what data and information will open the most doors faster, easier and, of course without detection. Most always their primary motivation is to determine what data will generate the maximum amount of profit for their efforts and how this could open more doors to bigger and better opportunities. Each week’s news brings on increasing reports regarding hackers. In a world where “the war on drugs” was a common term used for decades in everyday conversations at work and home, the criminal activity including the transporting and dealing illegal drugs on larger scales seems to have dropped off the airwaves. The buying, selling and trading of our information, our data, has been moved to the lower shelves in the great criminal marketplace. The “black market” where these individuals hang out and network has become a monolith of activity that moves a lot of money. I learned much about these tight networks and their operations from a article written by Lillian Albon called “Hackers’ Bazzar” where she places the entire entity and it’s activities in a perfect nutshell. Albon writes, “Today’s cyber black markets have evolved into playgrounds of financially driven, highly organized and sophisticated groups, often connected with traditional crime organizations. For certain levels of criminals, these black markets can be more profitable and less risky than the illegal drug trade; the links to end-users are more direct, and because worldwide distribution is accomplished electronically, the requirements are negligible. In many countries, malicious hacker activity is condoned — in fact, there are even reports of Eastern European hackers with government ties.”

Hacker CropI don’t believe that anyone who spent time growing up in the seventies, watching Brady Bunch re-runs and thinking of “identity theft” as the subject of a creepy science fiction movie would say that the criminal activity of today and the methods used to steal money, exploit identities and share private information were expected or even possible. We have graduated to a place where something as simple as a picture of your face can be given to someone else without your knowledge and misused at the click of a mouse. As consumers our biggest fear was that a thief would pick our pocket, physically take our wallet, steal our credit card, walk into a store and purchase merchandise in our name. Of course, this could still happen but with amplification and availability of technology these thieves do not need to be in the same room, town or country to take our money or our identity. The most absurd thought is that these individuals are a part of a well-organized, driven, intelligent and highly motivated group of networked criminals who most of us humorously imagine as hooded specters in dark basements drinking energy drinks and cold pizza. The reality is that they have figured out the system and will work hard to continue this path as long as it turns a profit. In fact, unless you have not digested the seriousness of their motivations, you must accept that these organized groups anticipate changes in security, cyber defenses and protection and have plans to get around the blockages even before they are raised. Today we need to worry about more than our trash getting picked or our wallets being stolen.

Hackers have found a way to make money from mostly everything we own. All they need to do is open a door that leads them to the valuables. We have built modern doors on our computers, on our phones and through our technology driven lifestyles that we may or may not realize are wide open or unlocked. Articles flow daily with stories of how hackers can steal passwords through popular social media accounts which can prove to be much more valuable, profitable and continuously usable than any credit card they could lift from your wallet to use for a day of wild spending. Today’s hackers have found ways to profit from your medical records, personal photos, work history, spending statistics and global locations because their are people who want to use it to make more money and help others to exploit your existence. Yes, this is very dramatic and darkly colored but unfortunately it is something to be taken very seriously. A recent article published by Reuters stated that hackers will sell stolen names, birth dates, insurance policy information and bank information to those criminal groups who generate counterfeit professional identification which allows them to buy specialty merchandise – pharmaceutical drugs, medical equipment, high level technology – which they can resell posed as legitimate dealers.

cash-in-handReuters said that “cyber criminals make around 10 times more money hacking someone’s medical information than from stealing their credit card details.” It is believed that approximately 80,000 people are reached by hacker organizations which then have the potential to convert all desired data into hundreds of millions of dollars which is used to continue their illegal course. Unfortunately, from what we read each day, it seems that these activities and relentless waves of attack are not subsiding but only increasing. Constant recruitment from the underground hacker networks have made it easier for motivated, opportunistic, criminally minded individuals to learn more about how to join the world of stealing, buying, and selling information. Keep your eyes open and your ears to the ground – but most importantly never assume that your data is not valuable.

Read more articles about hackers, data breaches and security vulnerabilities on the internet in the Hostwinds Blog Archive.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.